ID

VAR-201906-0292


CVE

CVE-2019-1878


TITLE

OS command injection vulnerability in Cisco TelePresence Codec and Collaboration Endpoint software

Trust: 0.8

sources: JVNDB: JVNDB-2019-005801

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device. Cisco TelePresence Endpoint is prone to a command-injection vulnerability. This issue is being tracked by Cisco Bug ID CSCvo28194. The following Cisco products are vulnerable: Cisco TelePresence Integrator C Series, Cisco TelePresence EX Series, Cisco TelePresence MX Series, Cisco TelePresence SX Series, and Cisco Webex Room Series. Collaboration Endpoint (CE) Software is a set of terminal collaboration software

Trust: 1.98

sources: NVD: CVE-2019-1878 // JVNDB: JVNDB-2019-005801 // BID: 108883 // VULHUB: VHN-151160

AFFECTED PRODUCTS

vendor: cisco, model: telepresence ce, scope: lt, version: 8.3.7

Trust: 1.0

vendor: cisco, model: telepresence ce, scope: gte, version: 9.1.0

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: gte, version: 7.0.0

Trust: 1.0

vendor: cisco, model: telepresence ce, scope: gte, version: 9.6.0

Trust: 1.0

vendor: cisco, model: telepresence tc, scope: lt, version: 7.3.17

Trust: 1.0

vendor: cisco, model: telepresence ce, scope: lt, version: 9.5.3

Trust: 1.0

vendor: cisco, model: telepresence ce, scope: lt, version: 9.6.3

Trust: 1.0

vendor: cisco, model: telepresence ce, scope: gte, version: 8.0.0

Trust: 1.0

vendor: cisco, model: telepresence ce software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: telepresence tc software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: telepresence ce software, scope: eq, version: 9.3.1

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.1.1

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: ne, version: 8.3.7

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.1

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.2.1

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.4

Trust: 0.3

vendor: cisco, model: telepresence sx series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence mx series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: ne, version: 9.7.1

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: eq, version: 9.4.1

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: ne, version: 7.3.17

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.0.1

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: eq, version: 9.1.1

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.1

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.2

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: eq, version: 9.5.1

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.1.4

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.1.2

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.2

Trust: 0.3

vendor: cisco, model: webex room series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.5

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.0

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.3

Trust: 0.3

vendor: cisco, model: telepresence integrator c series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence ex series, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: eq, version: 9.6.1

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: ne, version: 9.5.3

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.1

Trust: 0.3

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.1.3

Trust: 0.3

vendor: cisco, model: telepresence ce software, scope: eq, version: 9.2.1

Trust: 0.3

sources: BID: 108883 // JVNDB: JVNDB-2019-005801 // NVD: CVE-2019-1878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1878
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1878
value: HIGH

Trust: 1.0

NVD: CVE-2019-1878
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-809
value: HIGH

Trust: 0.6

VULHUB: VHN-151160
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1878
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151160
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1878
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1878
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-151160 // JVNDB: JVNDB-2019-005801 // CNNVD: CNNVD-201906-809 // NVD: CVE-2019-1878 // NVD: CVE-2019-1878

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.9

sources: VULHUB: VHN-151160 // JVNDB: JVNDB-2019-005801 // NVD: CVE-2019-1878

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201906-809

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-809

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005801

PATCH

title: cisco-sa-20190619-tele-shell-inj, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-tele-shell-inj

Trust: 0.8

title: Cisco TelePresence Codec and Collaboration Endpoint Software Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93958

Trust: 0.6

sources: JVNDB: JVNDB-2019-005801 // CNNVD: CNNVD-201906-809

EXTERNAL IDS

db: NVD, id: CVE-2019-1878

Trust: 2.8

db: BID, id: 108883

Trust: 2.0

db: JVNDB, id: JVNDB-2019-005801

Trust: 0.8

db: CNNVD, id: CNNVD-201906-809

Trust: 0.7

db: AUSCERT, id: ESB-2019.2208

Trust: 0.6

db: VULHUB, id: VHN-151160

Trust: 0.1

sources: VULHUB: VHN-151160 // BID: 108883 // JVNDB: JVNDB-2019-005801 // CNNVD: CNNVD-201906-809 // NVD: CVE-2019-1878

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-tele-shell-inj

Trust: 2.0

url: http://www.securityfocus.com/bid/108883

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-1878

Trust: 1.4

url: http://www.cisco.com/

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1878

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2019.2208/

Trust: 0.6

sources: VULHUB: VHN-151160 // BID: 108883 // JVNDB: JVNDB-2019-005801 // CNNVD: CNNVD-201906-809 // NVD: CVE-2019-1878

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108883 // CNNVD: CNNVD-201906-809

SOURCES

db: VULHUB, id: VHN-151160
db: BID, id: 108883
db: JVNDB, id: JVNDB-2019-005801
db: CNNVD, id: CNNVD-201906-809
db: NVD, id: CVE-2019-1878

LAST UPDATE DATE

2024-11-23T22:16:59.047000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151160, date: 2019-10-09T00:00:00
db: BID, id: 108883, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005801, date: 2019-07-01T00:00:00
db: CNNVD, id: CNNVD-201906-809, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-1878, date: 2024-11-21T04:37:35.903

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151160, date: 2019-06-20T00:00:00
db: BID, id: 108883, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005801, date: 2019-07-01T00:00:00
db: CNNVD, id: CNNVD-201906-809, date: 2019-06-19T00:00:00
db: NVD, id: CVE-2019-1878, date: 2019-06-20T03:15:12.230